CVE-2024-23897 - Jenkins Command Line Interface (CLI) Path Traversal Vulnerability

CVE-2024-23897: Jenkins | Jenkins Command Line Interface (CLI)

Date Added:
2024-08-19

Due Date:
2024-09-09

Vulnerability Name: Jenkins Command Line Interface (CLI) Path Traversal Vulnerability

Description: Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution.

Known To Be Used in Ransomware Campaigns?: Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes: https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314; https://nvd.nist.gov/vuln/detail/CVE-2024-23897